DETAILED ACTION

1. This is a Final Office Action in response to the applicant's amendments filed on October
18, 2006. 

2. The applicant amended independent claims 1 and 30. 

3. The examiner objects to claims 4, 9-11, 34, 35 and 37.

4. Claims 1-4, 6-11, and 30-37 have been considered and are pending. 



Response to Arguments 

5. Applicant's arguments filed on October 18, 2006 have been fully considered but they are 
not persuasive. 

In response to applicant's argument that the references fail to show certain features of 
applicant's invention, it is noted that the features upon which applicant relies (i.e., 

"routing the packet to a process within the recipient computer using a second
address"; 

"routing the packet within the recipient computer using another address", 
and 

"routing of data within a computer once the data is received by the computer"

) are not recited in the rejected claim(s). Although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. See In re Van 
Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

6. Therefore, the applicant's arguments are not persuasive to overcome the prior art of
record and do not place independent claims 1 and 30 in condition for allowance. Dependent
claims 2-4, 6-11 and 31-37, depending directly or indirectly from their corresponding
independent claims, are also not placed in condition for allowance.

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

8. Claims 1-3, 6-10, 30-33 and 36 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Huitema et al. (US Pat No.: 2002/0073215) in view of Godwin et al. (US Pub No.: 
2002/00133608). 

As per claim 1:

Huitema et al. disclose a method for conveying a security context, comprising: 
issuing a first Internet Protocol version compliant packet, wherein the first Internet 
Protocol version compliant packet comprises a first Internet Protocol version 
compliant header, wherein the first Internet Protocol version compliant header 
comprises a security context, wherein the security context comprises a Supernet
identifier, a Channel identifier, and the virtual address, and wherein data in a 
payload of the first Internet Protocol version compliant packet is encrypted using 
the Supernet identifier and the Channel identifier to obtain an encrypted payload 
(Page 1: 0014; 0015; 0016; Figure 4; Page 1: 0014; 0015; 0016; Figure 4);

issuing a second Internet Protocol version compliant packet, wherein the second Internet 
Protocol version compliant packet comprises a second Internet Protocol version 
compliant header wherein the second Internet Protocol version compliant header 
comprises a second Internet Protocol version compliant address the recipient 
computer system, wherein a payload of the second Internet Protocol version 
compliant packet comprises the first Internet Protocol version compliant packet, 
and wherein the first Internet Protocol version is different from the second 
Internet Protocol version (Page 1: 0014; 0015; 0016; Figure 4: 420; Page 2: 0005- 
0006; Page 3: 0007); and 

forwarding the second Internet Protocol version compliant packet to the recipient 
computer system, wherein the security context is used by the recipient computer 
to decrypt the encrypted payload (Page 1: 0014; 0015; 0016; Figure 4). 



Huitema et al. do not explicitly disclose obtaining a virtual address associated with a 
process executing on a recipient and first Internet Protocol comprising security context. Godwin 
et al. in analogous art, however, disclose a virtual address associated with a process executing on 
a recipient and first Internet Protocol comprising security context (Page 4: 0033, 0040, 0065, 
0109).

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the system disclosed by Huitema et al. to include a 
virtual address associated with a process executing on a recipient and first Internet Protocol 
comprising security context. This modification would have been obvious because a person 
having ordinary skill in the art would have been motivated to do so to provide methods,
systems and computer program products for providing Internet Protocol Security to a plurality of 
target hosts in a cluster of data processing systems which communicate with a network through a 
routing communication protocol stack utilizing a dynamically routable as suggested by Godwin 
et al. in (Page 4: 0033).

As per claim 2: 

Huitema et al. disclose a method, wherein the first Internet Protocol version compliant 
packet is Internet Protocol version 6 compliant packet (Page 1: 0014; 0015; 0016; Figure 4). 

As per claim 3: 

Huitema et al. disclose a method, wherein the second Internet Protocol version compliant 
packet is Internet Protocol version 4 compliant packet (Page 1: 0014; 0015; 0016; Figure 4). 

As per claim 30: 

Huitema et al. disclose a method for processing a security context, comprising: 
receiving a first Internet Protocol version compliant packet comprising a first Internet
Protocol version compliant header and a first Internet Protocol version compliant 
payload, wherein the first Internet Protocol version compliant payload by a 
second Internet Protocol version compliant packet, wherein the second Internet 
Protocol version compliant packet comprises encrypted data and a second Internet 
Protocol version compliant header comprising, a security context, wherein the 
security context comprises a virtual address, a Supernet identifier, and a Channel 
identifier (Page 1: 0014; 0015; 0016; Figure 4) 

decrypting the encrypted data, by a recipient computer system, using the Supernet 
identifier and Channel identifier to obtain decrypted data (Page 1: 0014; 0015; 
0016; Figure 4); and 

routing the decrypted data to a process in the recipient computer system using the virtual 
address, wherein the first Internet Protocol version compliant header comprises a 
first Internet Protocol version compliant address used to route the first Internet 
Protocol version compliant packet to the recipient computer system (Page 1: 
0014; 0015; 0016; Figure 4). 

Huitema et al. do not explicitly disclose extracting the encrypted data and the security 
context from the first Internet and routing the decrypted data to a process in the recipient 
computer system using the virtual address and decrypting the data. Godwin et al. in analogous 
art, however, disclose extracting the encrypted data and the security context from the first 
Internet and routing the decrypted data to a process in the recipient computer system using the
virtual address and decrypting the data (Page 4: 0033, 0040, 0065, 0109; Page 4: 0035; Page
9: 0093).

Application/Control Number: 10/037,800

Art Unit: 2137

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the system disclosed by Huitema et al. to include 
extracting the encrypted data and the security context from the first Internet and routing the 
decrypted data to a process in the recipient computer system using the virtual address and 
decrypting the data. This modification would have been obvious because a person having 
ordinary skill in the art would have been motivated to do so to provide methods, systems and
computer program products for providing Internet Protocol Security to a plurality of target hosts 
in a cluster of data processing systems which communicate with a network through a routing 
communication protocol stack utilizing a dynamically routable as suggested by Godwin et al. in 
(Page 4: 0033). 

As per claims 6 and 31:

Huitema et al. disclose a method, wherein the security context comprises a 128 bit unique 
value (Page 1:0003). 

As per claims 7 and 32: 

Neither Huitema et al. nor Godwin et al. explicitly teach that the security context 
comprised of a 16 bit set and a 112 bit set. However, using IPv6 packets, headers and 
addressing, it is obvious and very well known to those skilled in the art that the claimed bit 
partition to be comprised of a 16 bit set and a 112 bit set value for an intended purpose as evident
in IPSec. 

As per claims 8 and 33: 

Neither Huitema et al. nor Godwin et al. explicitly teach that 16 bit set denotes a site 
local Internet protocol address comprising 12 bits for an address prefix followed by 4 bits for a 
zero value. However it is obvious and very well known to those skilled in the art that denoting a 
16 bit set to a site Internet protocol address comprising 12 bits for an address prefix followed by
4 bits of a zero value for an intended purpose as it is evident in IPSec protocol.

As per claim 36: 

The applicant of this application suggested that any packet management infrastructure 
may be used, appreciated by those skilled in the art, to obtain security context from the stripped 
packet using a handler mechanism (Page 9, Paragraph 0031). Therefore, it is obvious and very 
well known to those skilled in the art that the security context is obtained from the stripped 
packet using a handler mechanism. 

Allowable Subject Matter 

9. Claims 4, 9-11, 34, 35 and 37 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the limitations of 
the base claim and any intervening claims. 

After reconsideration of the applicant's argument filed on October 18, 2006 and further
search and thorough examination of the present application, claims 4, 9, 10, 34, 35 and 37 are
objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in 
independent form including all of the limitations of the base claim and any intervening claims. 

The application provides a method and apparatus for conveying security context in virtual 
addressing information by defining multiple Channels in a Supernet and nodes can communicate 
with other nodes only if they belong to the same channel on the Supernet sharing the same key. 

Conclusion 

10. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

See the notice of reference cited in form PTO-892 for additional prior art.

11. Applicant's amendment necessitated the new ground(s) of rejection presented in this
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 



Contact Information 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Techane J. Gergiso whose telephone number is (571) 272-3784. 
The examiner can normally be reached on 9:00am - 6:00pm. If attempts to reach the examiner by 
telephone are unsuccessful, the examiner's supervisor, Emmanuel Moise can be reached on (571) 
272-3865. The fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 